Main menu

Post navigation

As I write this 2018 has come to a close. The stock market surges and falls on a daily basis because of China, Apple, the Government Shut down. Chance are, the issues that keep you up at night as a business or real estate owner have less to do with those issues and more to do with growth, human resources, problems with product or property and process.

Hire Slow and Fire Fast. Regardless of what happens in the world, this adage appears to remain true. If you’re in love with your potential new business partner, one of the first questions I will ask you is how you will manage the time when your relationship ends. This is true also for employees and vendors, so I expect that conversations about qualifying prospects will remain a top issue in 2019.

Getting A No. Choose your customers wisely. This is a follow-on to the first note above but, I have always found that no one is a fit for everyone. Come up with your minimum, non-negotiables or requirements for working with partners, vendors, employees. Let them know up front. The clearer you are to them and to yourself, the less likely you will waste time on working with someone where there is not a fit.

Expect the Best, Due Diligence. I continue to be amazed that folks plan a meeting and have not scoured the Internet to learn everything they can about what their prospect has written, said, presented. Use the Internet, lop of the highest of self-praise and the lowest of self-deprecation (within reason), and due your diligence.

Cash. You will be able to sleep better at night if you have more cash in the bank than debt. Even if you don’t earn a return on that money, plan for your next great expansion, a business challenge or adversity with cash. This is a different number for everyone but take the time to plan it out.

Intellectual Property. In every meeting I have as an investor and in every meeting with clients, having an edge from an intellectual property perspective is a huge competitive advantage. Take the time and devote the resources to get this advantage or to determine where the holes are and do it early and often. Enforcing IP rights is costly, hence the need for cash.

Strategic Planning. If you are of any age, you realize how fast time flies. Without a plan, any road will take you “there.” With a plan, you can test approaches, strategies, resources and assumptions. Planning is as important as ever as competition has become fierce in every sector.

If you are a founder, owner, partner or investor with a focus on AI, cannabis, real estate, software, let’s discuss your assumptions for 2019 and how you will get there.

Call me at 310-570-2399 if you collect any personal data from any EU resident to see how to get prepared.

Enforcement Deadline: May 25, 2018

Regulatory Bodies: EU Parliament,

A regulation is binding legislation across EU

Some conflicts remain between Commission language and Parliamentary language – and is still being hammered out

Actual text is here: https://www.eugdpr.org/more-resources-1.html

What is Personal Data:

Any info of a natural personal that can identify that person including name, photo, email, bank details, posts, medical info, IP address

Potential for abuse: “Think of targeted advertising: the ad network does not need to know who the person that visited a website is, it is enough to know that this person is the same person who earlier visited sites A and B and sometimes clicks on ads for product C. This should be reflected in the definition of data subject by including the aspect of “singling out”. (https://edri.org/files/GDPR-key-issues-explained.pdf)

Entities covered: “it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.”

Consent: Must be clear, distinguishable, intelligible and easily accessible with the purpose for clearly defined

Consent may be withdrawn

Consent is required for collection to be of a lawful purpose

Notify Requirement: 72 hours of first having become aware or “likely to result in risk to rights and freedoms of individuals”

Notice to customers, controllers

Right to Access: User must be able to obtain confirmation whether or not personal data is being processed, where and for what purpose.

Right to get copy in electronic format for free

Right to be Forgotten (Article 17):

Right to have all data erased, ceased dissemination and have third parties halt processing

Reasonable steps (Article 17(2)

The right is not absolute however and permits exception for purposes of freedom of expression. For ex, “These exceptions allow Member States to restrict data protection rights in order to reconcile the fundamental rights to data protection and freedom of expression.”) Id.

Portability:

Right to obtain all data in a “commonly used and machine readable format” or transferred to another

Note: non-final language

Commission: if subject has provided personal data and processing is based on consent or on contract, subject has right to transmit

Parliament:

If subject provided personal data and personal data is processed electronically, subject has right to obtain a copy

Council: No right if disclosing personal data would infringe IP rights

Privacy by Design (Article 23):

“The controller shall..implement appropriate technical and organizational measures..in an effective way.. in order to meet the requirements of this Regulation and protect the rights of data subjects”

Out of the box products should be designed with privacy in mind first.

Encryption does not appear mandatory

Only process data that is absolutely necessary for completion of duties AND limit access of personal info to others during processing

Lawful purposes include: “consent, the necessity for fulfillment of contract, legal obligation, necessary for vital interests of the data subject, necessity for the performance of a task in the public interest / official authority”

What is necessary?

“ For example, it is generally accepted that limited processing of personal data can be carried out for reasons of IT security, to ensure availability of services. On the other hand, incompatible purposes have no relation to the initial purpose. An example is telecommunications data retention: the initial purpose of collection (billing) and the further processing (storage for law enforcement use) are completely unrelated. In some cases, such incompatible use might be justified. The Commission proposal allows incompatible use if the new incompatible use has a basis in one of the grounds for lawfulness, except for legitimate interest. Therefore, the data retention example would be covered under processing that is necessary for compliance with a legal obligation to which the controller (here: telecommunications operator) is subject (Article 6(1)(c)). (https://edri.org/files/GDPR-key-issues-explained.pdf)

Data Protection Officers (Article 37):

Only required appointment if public authority, systematic monitoring of data subjections on large scale or special categories of data or data relating to criminal convictions/offenses

Otherwise: internal record keeping requirement

Model Contract Clauses proposed

Note: Non final language remains

Parliament text calls for DPO if:

Special category of health, religious or political

processing over 5000 data subject in 12 months

Commission requires DPO if

Over 250 employees

Does not mandate DPO unless required by EU or memberstate law

Call me at 310-570-2399 if you collect any personal data from any EU resident to see how to get prepared.

– new investment in real estate may prompt consideration of how “old” business model applies to new tax environment

[This post is part of a series related to recent client inquiries. It changes frequently so check back again soon. For a broad description of the kind of work I do and representative work, see Services.]

When I was in college, no one would have dreamed that marijuana would become mainstream. Dispensaries are almost everywhere and soon non-medical marijuana use will be legal in California. Washington, Nevada, Colorado, to name a few, are already there.

So how do you cash in?

Build a Business Plan

Nearly every week, I get a phone call from someone “starting” a cannabis business. A few weeks ago, I spoke to a 20 something who already had a pen manufactured and for sale. I was impressed by how much they had done and yet surprised by some of the risks they were willing to take. I thought I’d give you a top ten list of points to consider.

How Much Will It Cost You To Generate The Revenue Number Of Your Reasonable Dreams.

You read that right. What will it COST you to generate your Revenue projection?

For example, say you envision selling an oil or wax product by the gram to dispensaries. You sell at $14 and they sell for $30. And you dream up a revenue number of $1million. That is 66,666 units sold.

Wow, right?

What will it cost you to make that kind of coin?

Presumably you will purchase the flower, cost?

and have it refined right? Cost?

Add up all of your costs including: raw product, third party services, packaging, Labor, salaries, taxes, insurance, delivery, rent, cash management. If you want to be even smarter, separate your costs of goods sold from your costs to sell and run the business.

Well, what does it cost you to generate $1mil in revenue? Still probably a good number right

2. How Does Your Product Offering Differ From Competitors? (other than yours is the best)

Today you can compare your products on websites like weedify and leafly. Come January, that competition is going to triple for a while. Prices will fall.

If you have to start selling your product to dispensaries at $10 per unit or $5 per unit, are you still making money?

3. Partnership? How Will You Break A Deadlock If You And Your Best Friend Own 50/50

When you go into business with another, even if you do not have a written agreement, you are treated as partners. If you do not have an agreement, you run some significant risks. Partnerships can be formed under either an S corp, LLC or even general partnership. Picking the right entity is something I’ve covered elsewhere and if you’ve already formed an entity and aren’t sure if it is done right, that is covered elsewhere too.

Most marriages end in divorces. Business marriage divorce rates are even higher. I won’t go into the details of it but you must have a way to break a deadlock if two owners have equal voting rights. What is your plan for that?

For example, let’s say Al and Bert start off great and then Bert decides he wants to take the business in a different direction. Or, what if Al gets sick of Bert not working as hard as Al, but Bert takes an equal amount of net income. What if Bert decides that he is going to offer a slice of the business to his nephew? What if Al shows up with a new expensive piece of equipment and says “I wrote the check from the company check book because I think this equipment will really be fun to have here.”

How will two equal partners break that disagreement? Without having a serious discussion and taking steps in a written agreement, you’ve bought trouble.

4. Competition: How Will You Adjust When Price Per Gram Is 90 cents or $400 per lb?

I have had several conversations after reviewing a business plan that puts price per lb at $2000 USD. Sure, that happens but in the new world, the price for flower is coming waay down. How will the reality of a $400 lb if sold in a four lb lot effect your business plan?

5. Who Will Pay If Your Pen or Vapor Device Explodes Like an E-Cigarette (and You Have No Insurance)?

I am so impressed by these pen/vape pen companies in getting their products onto the market. I am not impressed by the fact that they all use the same Chinese factories and few if any have product liability insurance. When they blow up in someone’s mouth or pocket like e-cigs did – same technology – you can be sure that a plaintiff’s lawyer will sue you, the dispensary and everyone up the chain to the manufacturer. The manufacturer in China will be insulated from liability because no one will litigate this there.

So what have you done to safeguard IP infringement risk, packing/child proof liability, product liability risk?

6. If You Convert From a Mutual Benefit Corp to a For Profit, Was It Done Right?

Do who did your conversion? Was it done right?

Did it follow the statute?

Generally, a nonprofit public benefit corporation without assets can convert to a for-profit corporation by amending its articles of incorporation and providing a copy of the amendment to the Attorney General at least 20 days prior to its filing. See Calif. Corp. Code § 5813.5(a), (b). However, a nonprofit public benefit corporation with any assets cannot convert into a for-profit corporation through an amendment to its articles unless the amendment has received prior written consent of the Attorney General. Calif. Corp. Code § 5813.5(b). According to the California Attorney General’s publication, “Nonprofit Transactions Requiring Notice or Attorney General Approval,” certification that all charitable assets of the nonprofit will be transferred to another charity is required for consent. Furthermore, the publication states that applications should include:

A letter signed by an attorney or a director of the corporation setting forth a description of the proposed action and the material facts concerning the proposed action; authorizing the proposed action, and board meeting minutes reflecting discussion of the proposed action;

A copy of the corporation’s current financial statement;

A copy of the corporation’s articles of incorporation (if not already on file with the Registry of Charitable Trusts) and the articles of incorporation of any other corporation that is a party to the proposed action;

Any independent appraisals of the value of the public benefit corporation that are available. (In complex transactions involving conversion of a large public benefit corporation, the Attorney General usually requires independent valuation appraisals or other evidence that the transaction is fair and reasonable to the public benefit corporation.);

A statement of the plan for distribution of the assets of the public benefit corporation to a qualified charitable organization, or for payment by the directors or purchasers of the public benefit corporation of the fair market value of the corporation to a qualified charitable organization.

If it didn’t, what is your liability? If you were a member of an MBC and you suspect conversion (or maybe your rights were terminated completely) did not work properly, let’s discuss your rights.

One more thing:

If I had a dollar for every call I get that involves a debit card, selling private placements to cannabis cash holders, I’d be able to buy me some real kicks. No, seriously though: don’t get all jazzed up by a new solution to the age old problem of depositing cannabis cash. If it smells fishy, it probably is.

Now that all commercial life occurs “online,” are you taking your password and data protection seriously? Could you have already left the door open to your systems and is your info already for sale? Well, fix it now.

Has the Equifax hacking frazzled your mind? Are you worried about the almost daily stories about US consumer data being stolen and hacked? Well, I am very worried and I urge you to take action too.

Today I had my cybersecurity client (BLOKWORX.COM) run a search for my domain name rutchik.com. And this is what he found below and it freaked me out.

He has a tool to search for his client’s and while I was glad that the info he found was very old and not a concern, he did find my email address. Non-issue: Everyone’s email addresses are pretty much available but it is the password (often your simple to remember, way too easy for guessing software to guess) that are offered with your email address that must be addressed.

Have you had the dark web searched for your data?

What would you do if your companies’ data was available for sale?

Would you be surprised if I told you that anyone who uses the search software can quickly see that if your firm’s data is in there:

most passwords are basic words like: Pet names plus two digits, Summer, Winter, Fall, Spring plus two digits, first names and other common English language names;

few passwords are more than 7 characters long and thus easily guessed by software

few use different passwords for different types of online accounts: from most secure banking to email users use the same, simple passwords

Few users encrypt their computers or phones even though encryption is easily available, does not aeffect your daily use and would prevent loss of your data if your device were stolen

Only you will take your firm’s data seriously. No government or private company will offer a service soon to secure our online lives. If you do not NOW go thru your passwords, your security of data approach firm-wide or household-wide, then no one will.

If you’d like to discuss some of the approaches our clients use, please reach out.

You might want to put a call into www.BLOKWORX.com. I am very proud of this client’s work and would recommend you have your network safeguarded.

Do you know the story about the motorcycle? Well, there are two motorcycles. One that was dropped and the other, that will be dropped. The same can be said about hacking.

So if you’re like me – you’re probably reading this on your phone, in your car, at a red light (I hope) or parked. Or, if you’re like some of my clients, you are reading this on your iPad mini, on your yacht on Nantucket, or maybe even in the Seychelles. It is August after all.

Often, I ask my clients to review an important documents – or they send me one for my review – and we email a documents and files back and forth and from one person to many while we determine how best to proceed. So picture yourself, whether it is an investment decision or a litigation or a transaction.

You know the drill right? You can picture yourself, whether it is an investment decision or a litigation or a transaction, sending document drafts back and forth.

What about documents that you draft on your work computer (which you also use personally) and email it to yourself to work on over the weekend or from home? Ever do that? Or, maybe you upload documents to a cloud server like Google Drive or Dropbox?

Info Sent Over The Internet (via Email) Goes Thru Many Hands

For example, this list is all the places the document takes between my computer and a hypothetical recipient located at the Nantucket Boat Basin (There is no private info here; it is simply a trace route from my server to a public web domain address for illustration only). This trace route shows all stops that data takes between me and the end point.

2) Identifying the Risks:

The risk is simple:

Your personal or corporate info could be put up on the web,

held for ransom (See below)

given to the other side in your current transaction or litigation

tax returns filed and refunds taken (this happens more often than I can imagine);

At the source of the problem is very bad people wanting to take money and make your and your client’s lives a nightmare. More specifically, the bad people may unwittingly stumble on confidential info that will disrupt your business or personal objectives. And, they are simply getting more brazen, because the tools they use are even easier for them to get.

In May 2017, the Wannacry hack (or more accurately technology developed by the US National Security Agency), affected many who lost access to critical data unless they paid a ransom. It will happen again and it will only get worse because tools to gain access to the Internet and all connected devices readily exist.

– Many did not call law enforcement;
– Most did not have sufficient back ups;
– Even if they did have back ups, the data’s confidentiality was compromised (probably); and
– Many of those affected were family offices.

a) Map Every Connection of Your Network and Have an IT Professional Ethically Hack Your Network

Here is an example of a map:

Source: https://www.paessler.com/network-mapping

You might even try it for free for your own network: https://www.paessler.com/download/prtg-download (This is not an endorsement but rather a recommendation that you had better start getting familiar with all of the doors and windows into your network. Call me if you want the recommendation of recommended professionals)

b) A Note About Passwords:

The truth is that the biggest risk is that your passwords will be accessed (not even hacked) by a former employee, a contractor who gets curious, or even an existing employee. How would you know if someone other than an authorized individual accessed YOUR machine while you were away, your account, your cloud storage? You wouldn’t.

C) Encryption:

A few words on Dropbox and Google Drive

These fabulously convenient cloud storage locations do not tell you who has accessed your drive. Even if you share the drive with authorized users, do you know when they access the info? Do you care? What if some one hacks dropbox or google drive? Your data may be encrypted there but how do you know?

One way to be sure is to encrypt your data at your local computer using something like boxcryptor and then uploading only the encrypted version. Sure it is cumbersome but then you won’t have to worry.

Turn on Encryption on your Iphone and Your Laptops

Apple devices come with great encryption. That way if your device is stolen, no one can get access to your data.

Take the time to learn about the risks to your organization’s info. I’d be happy to discuss all of the above topics including ethical hacking, solutions and what to do if it already happened.

[A Whole Week With an Angry CTO] — How A Tech Services Company Closed Their Big Customer Anyway (Episode: 0523)

Sometimes getting the internal team to agree is more than half the battle

This is about Takashi, a CEO of a Silicon Valley-based Cloud computer managed services company and his CTO Jiro. The Company has about $3mil of annual revenue with a goal of growing to $8mil in two years. Everyone’s compensation is tied to that goal. Takashi has a strong number 2 in Jiro, his CTO. Jiro and Takashi have worked together for 16 years, and are close friends. Earlier this week, Jiro was very angry at Takashi for the business direction things had taken.

I recently dealt with coming between this CEO and the other major internal decision-maker in my client, while trying to advise them on how to close a large customer. What do you do if your internal team disagrees on how to proceed? How do you help them move forward and close the deal while healing the internal conflict? Is it always clear? This story is shared from Takashi’s and Jiro’s vantage point.

Enter Takashi

Last quarter, a large customer we were working on finally was ready to hire us. The only problem was, they (a) wanted us to take more risk over their network’s product development staging area than our standard service level; (b) wanted us to devote extra development resources; and (c) they would NOT tell us exactly what THEIR downstream customers do with the product. We were pretty sure it was aerospace related. Knowing our customer’s customer is beyond our NORMAL need to know but this was not a normal deal. Plus, we need this customer to meet our growth goals. We’ve invested tons of time proposing and quoting and learning about this customer. We can do their work but at what risk.

I had sold the client on the following: out of the box service offering plus some customer development work was the right skill level for the customer. They would have to go to Europe or Asia to compete without skill set and based on their business model, I knew that was a non-starter for them. Little did I know that that they would impose their own terms late in the game and force my hand.

A Word from Jiro

From my perspective, it was simply a question of resources.

“I cannot have my engineers spend too much time on a customer custom development. That means fewer individual hours doing monitoring and custom maintenance, which is our bread and butter.”

“Our business is set-up to allocate flexible human hours to each customer but we do not have so much wiggle room to add hours for development without a significant quality impact elsewhere.”

The customer wanted us to do custom database development;

The customer wanted us to “indemnify them” and take on much more risk from damage and infringement type claims; and

The customer wanted us to guarantee the availability of specific engineering staff.

In sum, the customer wanted us to act as their custom development team. That was not our business and everyone but my CTO saw this as a good thing.

Takashi says:

When I mentioned this at an internal meeting, people sat with hands in their laps, shook their heads, stares went to Jiro and many sat with their mouths open waiting to scream. The common thread was:

“Wait? What?

How have we gotten this far down with such a big customer and consider walking away? How was what they wanted not our ideal client?

Does everyone on the team really seeing this as a good thing?”

The answers were not so simple at first.

Then Jiro added:

“Maybe they are our ideal client.”

Now with intense curiosity, they lean in.

“And Jiro’s concerns?” someone asked

Everyone needed to understand his concerns about staffing and the real concern Jiro had about quality. But I also wanted everyone to understand how this client made us pivot and focus on what was really the key to our business – and in one word — it was MARGIN.

Offer broader services at the better margin: We gave the customer what they wanted at a price that was our base offering plus a fair estimate of our cost plus 20%. And we explained it to the customer so they saw our math.

Staffing tied up: We offered our staff a choice. We gave internal staff the chance to float across project categories, gain training and offered the customer on-time and early delivery pricing incentives.

Quality control: We listened to the customer but gave them the choice. “What was more important,” we asked, “was it the stability of your development environment or price.” The customer wanted quality and fewer bugs.

THIS IS WHAT WE DID….

Lesson #1: Margin goals were reviewed

BY PEELING BACK TO THE BASICS OF OUR BUSINESS WE LEARNED WE COULD GET HIGHER MARGINS.

Task: We looked at which service offerings yielded highest margins and least amount of quality/trouble tickets. We had never been forced to do this before this customer.

Result: Higher margins.

I can’t stress how important this shift has been for me.

Lesson #2: WHAT GOOD THING ALSO CAME OUT

Yes, it’s absurd to think that we did not give our customer the choice between two prevailing conditions.

Result: Without struggling to cover quality with limited staff, we now have a customer that shares the risk of their own business demands. They do not have to bear the whole risk – that would mean they would just do the work themselves. Positive outcome for both sides.

Lesson #3: POSITIVE OUTCOME

In order for us to explain how our business worked for our customer in terms of cost and margin, we had to first understand it ourselves. The process caused our whole team – and not just finance – to understand the margin components and margin impact of every single facet of our business.

“This was one of the most valuable exercises we have had internally,” Jiro admitted

Result: We developed a broader service offering but more importantly, we gained a clearer understanding of which parts of our offering yield the most margin and at what top line cost.

Every demand from a customer creates an opportunity to test the demand against the basic assumptions of our business model.

How to Increase Margins Without Sacrificing Our Internal Team:

1. Really listen to what is important to the customer

2. Have an honest margin analysis methodology for every facet of your business

4. Give internal staff a seat at the table to discuss the opportunity, the financial and operational impact and whether or not it fits with your existing “ideal client” profile.

###

AFTERWORD BY GREGORY: Are all of your customers a version of your “ideal customer” ? If not, how did you reconcile the prospective customer with your business plan? How would you approach it? Please share your thoughts below…..

You’re so excited by the interview. They asked you all the right questions and you had all of the right answers right? Then comes the offer. Now what?

Did they ask you for your salary “history”, “requirements” or just ask “so, what are you making?”

If this is your first job after college or graduate school, chances are, YOU HAVE ZERO ROOM to negotiate BUT…

One of the most common questions I get asked is about salary negotiations and whether you should “be honest” about your current salary, “how to get the most salary and benefits possible” and increase your total compensation.

I’m going to give you the good news and the bad news all at once. If you have not thoroughly researched the employer and the compensation ranges for your level, you’re not going to find anything magical here. You’ve got to give me something to work with.

After you’ve looked at glassdoor and scoured google for what ever you can about salary, if it is a publicly traded company, YOU MUST read the public filings on edgar.gov. Search for the company and employment agreements.

It is all public info. If you take the time, and know how to do the search. You will find gold. Feel free to hire me to do this for you. The below is just an example and will definitely NOT apply to you.

3. The more you search for like roles in other companies and the more you know, the more capable you are to ask the right questions.

Equally important, what I can tell you is this:

REGARDLESS OF THE LEVEL OF EMPLOYEE, YOU MUST BRING UP AND NEGOTIATE YOUR SEVERANCE NOW. You will never have the chance to negotiate your exit again (with any leverage).

This is an example of what severance looks like for a very financially fortunate person:

The above letter is not YOUR severance or your deal BUT the questions I would want to know:

Are you at the level in the Company (e.g. your future employer) where there is severance? And if so, what is the policy.

If no, you could tell them what you want and see their reaction ONLY if you have done the research in advance to know exactly what your predecessor got. Is this Company the type that has arbitrated with former employees? Wouldn’t you like to know that before you start down this road?

Most importantly: their answers to your questions will give you a good idea about what type of organization you are considering joining.

Give me a call – I can help you work out a salary and severance negotiation that fits your situation. 310-570-2399